GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 07:30:32
Windows 6.0.6000
Running: kcx9rryd.exe; Driver: C:\Users\BOBBYK~1\AppData\Local\Temp\kfrirpog.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 85854BF8
INT 0x61 ? 85406BF8
INT 0x61 ? 85406BF8
INT 0x61 ? 85406BF8
INT 0x61 ? 85406BF8
INT 0x71 ? 85854BF8
INT 0x92 ? 85854BF8
INT 0xA2 ? 85854BF8
INT 0xB2 ? 85854BF8

Code 856FE8E8 ZwEnumerateKey
Code 855C6188 ZwFlushInstructionCache
Code 855C6635 IofCallDriver
Code 855CD946 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82027F3B 5 Bytes JMP 855C663A
.text ntkrnlpa.exe!IofCompleteRequest 82027FA8 5 Bytes JMP 855CD94B
PAGE ntkrnlpa.exe!ZwEnumerateKey 82137F06 5 Bytes JMP 856FE8EC
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821E84A7 5 Bytes JMP 855C618C
? System32\Drivers\spdu.sys The system cannot find the path specified. !
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x80687024]
.text USBPORT.SYS!DllUnload 8F3B7FEB 5 Bytes JMP 858541D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Media Player\wmpnscfg.exe[284] kernel32.dll!CreateProcessW 76301D27 5 Bytes JMP 00BD000A
.text C:\Users\Bobby Kalb\Downloads\kcx9rryd.exe[352] kernel32.dll!CreateProcessW 76301D27 5 Bytes JMP 010C000A
.text C:\Windows\system32\wininit.exe[456] kernel32.dll!CreateProcessW 76301D27 5 Bytes JMP 00C3000A
.text C:\Windows\system32\services.exe[528] kernel32.dll!CreateProcessW 76301D27 5 Bytes JMP 00E2000A
.text C:\Windows\system32\lsass.exe[540] kernel32.dll!CreateProcessW 76301D27 5 Bytes JMP 0095000A
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] WS2_32.dll!closesocket 77B33847 5 Bytes JMP 02FA000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] WS2_32.dll!send 77B33A8A 5 Bytes JMP 02FB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] WS2_32.dll!connect 77B34BA7 5 Bytes JMP 02E5000A
.text C:\Windows\system32\wbem\wmiprvse.exe[1856] kernel32.dll!CreateProcessW 76301D27 5 Bytes JMP 0097000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749CB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749BA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749BCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749B8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749CCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749B7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749B7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749B6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A4C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749D7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749B90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749C2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749C21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749C7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749C7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749F83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8540B1F8
Device \FileSystem\fastfat \FatCdrom 862391F8
Device \FileSystem\udfs \UdfsCdRom 863371F8
Device \FileSystem\udfs \UdfsDisk 863371F8
Device \Driver\sptd \Device\2140592179 spdu.sys
Device \Driver\volmgr \Device\VolMgrControl 854081F8
Device \Driver\usbuhci \Device\USBPDO-0 8586D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8586D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8586D1F8
Device \Driver\usbehci \Device\USBPDO-3 8586E1F8
Device \Driver\USBSTOR \Device\00000061 8615C1F8
Device \Driver\usbuhci \Device\USBPDO-4 8586D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0C33EE0E-AB61-4D05-9B10-C9C2F622D5E5} 8612C500
Device \Driver\usbuhci \Device\USBPDO-5 8586D1F8
Device \Driver\USBSTOR \Device\00000062 8615C1F8
Device \Driver\usbuhci \Device\USBPDO-6 8586D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 854081F8
Device \Driver\usbehci \Device\USBPDO-7 8586E1F8
Device \Driver\USBSTOR \Device\00000071 8615C1F8
Device \Driver\volmgr \Device\HarddiskVolume2 854081F8
Device \Driver\cdrom \Device\CdRom0 858D21F8
Device \Driver\volmgr \Device\HarddiskVolume3 854081F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8540A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8540A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8540A1F8
Device \Driver\atapi \Device\Ide\IdePort2 8540A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8540A1F8
Device \Driver\volmgr \Device\HarddiskVolume4 854081F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8612C500
Device \Driver\PCI_PNP6158 \Device\0000004b spdu.sys
Device \Driver\Smb \Device\NetbiosSmb 8612A1F8
Device \Driver\iScsiPrt \Device\RaidPort0 85B481F8
Device \Driver\usbuhci \Device\USBFDO-0 8586D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8586D1F8
Device \Driver\USBSTOR \Device\0000007a 8615C1F8
Device \Driver\usbuhci \Device\USBFDO-2 8586D1F8
Device \Driver\usbehci \Device\USBFDO-3 8586E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{A3617E9E-5996-4361-B1EB-F83EE9B33C15} 8612C500
Device \Driver\usbuhci \Device\USBFDO-4 8586D1F8
Device \Driver\usbuhci \Device\USBFDO-5 8586D1F8
Device \Driver\usbuhci \Device\USBFDO-6 8586D1F8
Device \Driver\usbehci \Device\USBFDO-7 8586E1F8
Device \Driver\ajv9p3se \Device\Scsi\ajv9p3se1 858D31F8
Device \Driver\ajv9p3se \Device\Scsi\ajv9p3se1Port4Path0Target0Lun0 858D31F8
Device \FileSystem\fastfat \Fat 862391F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 8910F1F8

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTfkxapueodk.sys (*** hidden *** ) 90ECF000-90EEC000 (118784 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [484] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [704] 0x014F0000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [776] 0x008C0000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [892] 0x00C50000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [916] 0x00320000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [968] 0x008C0000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [988] 0x00790000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1168] 0x007A0000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1516] 0x007C0000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1612] 0x00D70000
Library \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [2024] 0x00550000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTfkxapueodk.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xC4 0xCB 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC2 0x56 0x41 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7F 0xF9 0xEB 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTfkxapueodk.sys
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTygydjcxfjx.dll
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTawfkhtaxyl.dat
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTqwoknfejfh.dll
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTrndsesfxhk.dll
Reg HKLM\SYSTEM\ControlSet011\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTjdtgtywrmp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xC4 0xCB 0x78 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC2 0x56 0x41 0x18 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7F 0xF9 0xEB 0x08 ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\Adobe\Adobe Device Central CS3\Required\Build.txt (size mismatch) 2781184/4 bytes executable
File C:\Program Files\Apple Software Update\SoftwareUpdateFiles.dll (size mismatch) 238912/349504 bytes executable
File C:\Program Files\Common Files\microsoft shared\Web Components\11\1033\OWCRCH11.CHM (size mismatch) 539192/388950 bytes executable
File C:\Program Files\Java\jre1.6.0\bin\fontmanager.dll (size mismatch) 69632/335872 bytes executable
File C:\Program Files\Lavasoft\Ad-Aware\Drivers\lbd.cat (size mismatch) 319456/6460 bytes executable
File C:\ProgramData\Lavasoft\Ad-Aware\Quarantine\h8srtrndsesfxhk.dll.94d5a468da6453c0c240fbc278c35d.5884dee38665eaea9d87788be66a9e.aawqff 16900 bytes
File C:\Users\Bobby Kalb\AppData\Local\Temp\H8SRT3b41.tmp 681472 bytes executable
File C:\Users\Bobby Kalb\AppData\Local\Temp\h8srtmainqt.dll 16465 bytes
File C:\Windows\System32\drivers\H8SRTfkxapueodk.sys 40448 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\DriverStore\FileRepository\prnca001.inf_92fbd03f\I386\CNBI320.GPD (size mismatch) 65536/15284 bytes executable
File C:\Windows\System32\DriverStore\FileRepository\wiacn001.inf_755a936f\CNHL370S.DLL (size mismatch) 49664/17920 bytes executable
File C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\pci.sys (size mismatch) 106600/140392 bytes executable
File C:\Windows\System32\H8SRTawfkhtaxyl.dat 167 bytes
File C:\Windows\System32\H8SRTjdtgtywrmp.dll 40960 bytes executable
File C:\Windows\System32\h8srtkrl32mainweq.dll 765 bytes
File C:\Windows\System32\H8SRTqwoknfejfh.dll 27136 bytes executable
File C:\Windows\System32\H8SRTrndsesfxhk.dll 16896 bytes executable
File C:\Windows\System32\h8srtshsyst.dll 2096 bytes
File C:\Windows\System32\H8SRTygydjcxfjx.dll 23552 bytes executable
File C:\Windows\Temp\H8SRT4430.tmp 4096 bytes executable
File C:\Windows\Temp\H8SRTa4d6.tmp 167 bytes
File C:\Windows\Temp\H8SRTb73d.tmp 40960 bytes executable
File C:\Windows\Temp\H8SRTbbfe.tmp 16896 bytes executable
File C:\Windows\Temp\H8SRTc9c3.tmp 40960 bytes executable
File C:\Windows\Temp\H8SRTd345.tmp 40960 bytes executable
File C:\Windows\Temp\H8SRTd70c.tmp 27136 bytes executable
File C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.0.6000.16391_none_bb7bcc1906af2dc0\usbport.inf (size mismatch) 19456/52054 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6000.16386_none_52ecab794cde131c\wab32res.dll (size mismatch) 706560/1098752 bytes executable
File C:\Windows\winsxs\x86_prnbr001.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8eacdd861758177c\LMPCLRES.DLL.mui (size mismatch) 10240/3072 bytes executable
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----